Lucene search
K
Checkpoint AdvisoriesRecent

13538 matches found

Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•13 views

Microsoft Windows Media Player Remote Code Execution (MS16-027: CVE-2016-0098)

A remote code execution vulnerability has been reported in Microsoft Windows Media Player. The vulnerability is due to an error in Microsoft Windows Media Player while handling specially crafted media content. A remote attacker could trigger this flaw by convincing a victim to open a specially...

9.3CVSS8.6AI score0.20145EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•14 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0102)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to a type confusion when handling certain objects in JavaScript. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could...

7.6CVSS7.8AI score0.16771EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB16-08: CVE-2016-0986)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.03783EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•15 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0106)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...

7.6CVSS7.8AI score0.16644EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•18 views

Microsoft Office Memory Corruption (MS16-029: CVE-2016-0134)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

9.3CVSS7.6AI score0.22285EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•17 views

Microsoft Windows OLE Memory Remote Code Execution (MS16-030: CVE-2016-0091)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is caused due to a missing bound checks. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

6.8CVSS7.9AI score0.23645EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•15 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0107)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to out-of-bound write access. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page. Successful exploitation could cause memory...

7.6CVSS7.8AI score0.16644EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/08 12:0 a.m.•10 views

Microsoft Internet Explorer Memory Corruption (MS16-023: CVE-2016-0103)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer due to out-of-bound write access during an inner operation. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page. Successful exploitation could cause memory...

7.6CVSS7.8AI score0.13465EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/07 12:0 a.m.•11 views

Adobe Acrobat And Reader Memory Corruption (APSB16-09: CVE-2016-1009)

A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to out-of-bounds error while accessing to unintended memory in a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially...

10CVSS9.3AI score0.06103EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•1 views

Multiple OS Malicious File Containing JS Downloader

A malicious JavaScript downloader file was observed as part of Locky ransomware campaign. A remote attacker could convince users to manually trigger it. This would allow the malicious code to run and infect the target system...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•5 views

Adobe Flash Player Memory Corruption (APSB15-32: CVE-2015-8652)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

9.3CVSS4.4AI score0.06292EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•6 views

Adobe Flash Player Memory Corruption (APSB16-08: CVE-2016-0961)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.03783EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•8 views

Adobe Flash Player Use After Free Code Execution (APSB16-08: CVE-2016-0988)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

10CVSS3.5AI score0.05079EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•3 views

Adobe Flash Player Use After Free Code Execution (APSB16-08: CVE-2016-0987)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

10CVSS3.5AI score0.0642EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•5 views

Adobe Flash Player Use After Free Code Execution (APSB16-08: CVE-2016-0996)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

9.3CVSS3.5AI score0.0714EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•3 views

Adobe Flash Player Heap Buffer Overflow (APSB16-08: CVE-2016-1001)

A heap buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...

10CVSS4.3AI score0.26227EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•3 views

Adobe Flash Player Memory Corruption (APSB16-08: CVE-2016-0962)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.03783EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•5 views

Adobe Flash Player Memory Corruption (APSB16-08: CVE-2016-0989)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.04049EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•4 views

Adobe Flash Player Use After Free Code Execution (APSB16-08: CVE-2016-0990)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

10CVSS3.5AI score0.07248EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•2 views

Adobe Flash Player Integer Overflow Remote Code Execution (APSB16-08: CVE-2016-0993)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a design flaw that could lead to integer overflow. A remote attacker can exploit this vulnerability by enticing a victim to open specially crafted SWF files...

10CVSS4.7AI score0.0566EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•5 views

Adobe Flash Player Memory Corruption (APSB16-08: CVE-2016-1005)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

9.3CVSS4.4AI score0.0528EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•6 views

Adobe Flash Player Use After Free Code Execution (APSB16-08: CVE-2016-0994)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

9.3CVSS3.5AI score0.0804EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•4 views

Adobe Flash Player Memory Corruption (APSB16-08: CVE-2016-0960)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.03783EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•7 views

Adobe Flash Player Use After Free Code Execution (APSB16-08: CVE-2016-0991)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

10CVSS3.5AI score0.05079EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/06 12:0 a.m.•18 views

Adobe Flash Player Use After Free Code Execution (APSB15-32: CVE-2015-8655; CVE-2015-8658)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially craft...

9.3CVSS3.5AI score0.07926EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/01 12:0 a.m.•3 views

Netis/Netcore Router Hard-Coded Backdoor

A backdoor in Netis/Netcore routers has been reported. The routers are protected by a single hard-coded password. The exploitation of this backdoor could compromise the network protected by the device...

3.7AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/03/01 12:0 a.m.•24 views

Unitronics UniDownloader and VisiLogic OPLC IDE IPWorksSSL.HTTPS Memory Corruption (CVE-2015-7905)

A memory corruption vulnerability exists in Unitronics, VisiLogic OPLC IDE and UniDownloader. The vulnerability is due to untrusted pointer dereference on the SSLCertHandle parameter of the IPWorksSSL.HTTPS ActiveX control. A remote attacker could exploit this vulnerability by enticing a vulnerab...

7.5CVSS3.3AI score0.04734EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/29 12:0 a.m.•33 views

Redis Lua Scripting Component getnum Integer Overflow (CVE-2015-8080)

An integer overflow vulnerability has been reported in Redis. This vulnerability is due to the vulnerable server incorrectly parsing specific Lua scripts. A remote authenticated attacker can exploit this vulnerability by sending a specially crafted RESP message to the target server. Successful...

5CVSS3.3AI score0.05362EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/02/28 12:0 a.m.•2 views

URL Path Containing Suspicious Executable

Certain URL paths may be indicative of malicious executable files that are characteristic of the Locky ransomware. A remote attacker could entice unsuspecting users to access such URLs, leading to execution of malicious files on the affected system...

4.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/25 12:0 a.m.•8 views

ISC BIND apl_42.c INSIST Assertion Failure Denial of Service (CVE-2015-8704)

A denial-of-service vulnerability has been reported in BIND DNS package bind9. The vulnerability is due to an error in string format operations that causes the BIND daemon to exit with an INSIST assertion failure when processing certain records. A remote attacker could exploit this vulnerability...

6.8CVSS3.6AI score0.20172EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/24 12:0 a.m.•1 views

Multiple OS Malicious E-Mail Attachment Code Execution

A cross-platforms code execution vulnerability has been reported in E-Mail attachments. Successful exploitation of this vulnerability would allow a remote attacker to collect keystrokes, steal cached passwords, grab data from web forms, take screenshots and perform other actions on the affected...

3.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/23 12:0 a.m.•3 views

Ignite Realtime Openfire group-summary.jsp Cross-Site Scripting (CVE-2015-6972)

A cross-site scripting vulnerability has been reported in Ignite Realtime Openfire Server. The vulnerability is due to insufficient validation of the "search" parameter within the group-summary.jsp page. By convincing an authenticated user to visit a malicious website, a remote attacker can explo...

4.3CVSS4.8AI score0.07998EPSS
Exploits2
Check Point Advisories
Check Point Advisories
•added 2016/02/23 12:0 a.m.•1 views

Microsoft Office Mail Attachment Containing Malicious Downloader

A Microsoft Office Mail attachment containing a malicious downloader was observed as part of Locky ransomware campaign. A remote attacker could send spam e-mails including those downloaders and convince users to manually enable them. This would allow the malicious code to run and infect the targe...

4.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/23 12:0 a.m.•2 views

Kaspersky Internet Security HTTPS Inspection Insecure Certificate Validation

A code execution vulnerability has been reported in Kaspersky Internet Security. This vulnerability is due to improper validation of a temporary certificate name. A remote, unauthenticated attacker can exploit this vulnerability by sending the user a crafted certificate, potentially leading to a...

2.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/23 12:0 a.m.•1 views

Suspicious Executable Mail Attachment

Certain malicious executable files can be hidden using a different extension for the file. A remote attacker could exploit this vulnerability to entice unsuspecting users to execute a malicious mail attachment. This method is often used by ransomware such as Locky, Cerber, CryptoXXX, and others...

4.4AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/23 12:0 a.m.•18 views

IBM Tivoli Storage Manager FastBack Server Opcode 4115 Buffer Overflow (CVE-2015-4931)

A buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack Server. The vulnerability is due to insufficient boundary checking on parameters in opcode 4115 requests. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to port 11460/TCP...

10CVSS7.6AI score0.08979EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/22 12:0 a.m.•32 views

Unitronics VisiLogic OPLC TeeCommander ChartLink ActiveX Control Memory Corruption (CVE-2015-6478)

A memory corruption vulnerability exists in Unitronics VisiLogic OPLC. The vulnerability is due to untrusted pointer dereference on the ChartLink parameter of the TeeChart.TeeCommander ActiveX control. A remote attacker could exploit this vulnerability by enticing a vulnerable user to open a...

6.8CVSS9AI score0.01553EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/22 12:0 a.m.•32 views

Unitronics VisiLogic OPLC IDE TeePreviewer ChartLink Memory Corruption (CVE-2015-6478)

A memory corruption vulnerability has been reported in Unitronics VisiLogic OPLC IDE. The vulnerability is due to a flaw in the TeePreviewer object in TeeChart5.ocx, in which a user-supplied integer is interpreted as a memory address. A remote, unauthenticated attacker could exploit this...

6.8CVSS9.4AI score0.01553EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/22 12:0 a.m.•43 views

Unitronics VisiLogic OPLC TeeChart ActiveX RemoveSeries Out of Bounds Array Indexing (CVE-2015-6478)

An out of bounds array indexing vulnerability exists in Unitronics VisiLogic OPLC. The vulnerability is due to use of user supplied value to calculate array index in the RemoveSeries method of the TeeChart.TChart ActiveX control. A remote attacker could exploit this vulnerability by enticing a...

6.8CVSS8.9AI score0.01553EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/21 12:0 a.m.•1 views

Cisco ASA VPN Portal Cross-Site Scripting

A cross-site scripting vulnerability has been reported in Cisco ASA VPN portal. The vulnerability is due to lack of data sanitization on URL parameters. A remote attacker can exploit this vulnerability by sending a specially crafted request to an affected server...

3.9AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/18 12:0 a.m.•7 views

DNS Client Resolver glibc Buffer Overflow (CVE-2015-7547)

The Linux glibc library is vulnerable to a stack-based buffer overflow. DNS client side resolvers using this library may be exploited by remote attackers. Successful exploitation would allow an attacker to execute arbitrary code on the target...

6.8CVSS7.2AI score0.89557EPSS
Exploits17
Check Point Advisories
Check Point Advisories
•added 2016/02/17 12:0 a.m.•0 views

JavaScript Malicious Enumerator Obfuscation Technique

Known exploits could potentially bypass security products by using JavaScript obfuscation techniques. Obfuscated exploits might not be detected by IDS and IPS systems, thus allowing attackers to successfully attack the target web client...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/17 12:0 a.m.•3 views

JavaScript Malicious Escape Obfuscation Technique

Known exploits could potentially bypass security products by using JavaScript obfuscation techniques. Obfuscated exploits might not be detected by IDS and IPS systems, thus allowing attackers to successfully attack the target web client...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/17 12:0 a.m.•3 views

JavaScript Malicious Shifting Obfuscation Technique

Known exploits could potentially bypass security products by using JavaScript obfuscation techniques. Obfuscated exploits might not be detected by IDS and IPS systems, thus allowing attackers to successfully attack the target web client...

3.5AI score
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/17 12:0 a.m.•7 views

OpenSSL RSA PSS Absent Mask Generation Parameter Denial of Service (CVE-2015-3194)

A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to a NULL pointer dereference when an OpenSSL application receives and processes a crafted certificate containing an invalid RSA PSS parameter. A remote, unauthenticated attacker can exploit this vulnerability by sendin...

5CVSS3.9AI score0.44016EPSS
Exploits1
Check Point Advisories
Check Point Advisories
•added 2016/02/15 12:0 a.m.•47 views

Schneider Electric ProClima F1BookView Memory Corruption (CVE-2015-7918; CVE-2015-8561)

A memory corruption vulnerability has been reported in Schneider Electric ProClima. The vulnerability is due to a flaw in some methods of the F1BookView ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to browse to a maliciously crafte...

6.8CVSS7.3AI score0.05734EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/14 12:0 a.m.•3 views

Cisco Adaptive Security Appliance IKEv1 and IKEv2 Buffer Overflow (CVE-2016-1287)

A buffer overflow vulnerability exists in Cisco Adaptive Security Appliance software. The vulnerability is due to a failure on part of Internet Key Exchange version 1 and version 2 code to handle UDP requests. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted...

10CVSS9.6AI score0.77462EPSS
Exploits4
Check Point Advisories
Check Point Advisories
•added 2016/02/14 12:0 a.m.•27 views

Adobe Flash Player Memory Corruption (APSB16-04: CVE-2016-0979)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.03783EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/14 12:0 a.m.•1 views

Adobe Flash Player Integer Overflow (APSB16-04: CVE-2016-0978)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a design flaw that could lead to integer overflow. A remote attacker can exploit this vulnerability by enticing a victim to open specially crafted SWF files...

10CVSS5AI score0.03783EPSS
Exploits0
Check Point Advisories
Check Point Advisories
•added 2016/02/14 12:0 a.m.•5 views

Adobe Flash Player Memory Corruption (APSB16-04: CVE-2016-0981)

A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted SWF file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted SWF file...

10CVSS4.4AI score0.04576EPSS
Exploits0
Total number of security vulnerabilities13538